Sponsored By

Cisco Spark Gets Stamp of Approval on ISO SecurityCisco Spark Gets Stamp of Approval on ISO Security

Certification aimed at elevating trust in the security of this cloud service.

Michelle Burbick

December 14, 2017

3 Min Read
No Jitter logo in a gray background | No Jitter

Building on a successful certification of WebEx for Web conferencing, Cisco today announced it has achieved ISO 27001 certification for its team collaboration platform, Spark. If you're a casual observer like me, you might not readily recognize the standards by their ISO numbers. In a nutshell, this one means when you use Spark, you can now do so with confidence that it's a secure cloud service.

 

 

portable

Because Cisco had already laid some groundwork in achieving this certification (among others) for WebEx, it was able to move Spark through the process "relatively quickly" -- in just six months, said Jonathan Rosenberg, VP and CTO of Cisco's Collaboration Technology group. The ISO 27001 standard defines an extensive list of operational requirements that a cloud service provider must meet, as well as document how it's doing so, and prove that it will continue to meet these requirements moving forward.

 

"It covers everything from incident management to inventory control to access controls to vulnerability scanning and even personnel management," Rosenberg wrote in a Cisco Blogs post on the news. "Customers want to be sure that we're doing all of these things and doing them well. Rather than having to ask about every single detail, they can instead know that -- because we have this certification -- we're doing all of that stuff, and following best practices for them."

In short, what this means is that enterprises can feel more confident in the security of Cisco's cloud service.

Diverting from the Norm
For Cisco, putting an application in a certified data center and calling it good enough isn't, in fact, good enough, Rosenberg said. Getting certified to the ISO 27001 standard is the right way to approach compliance, in that the certification applies to the entire Spark platform, including the underlying data centers, he said. "It's about gaining trust. As an IT guy, you can feel confident signing off on a Spark [implementation]. Cloud is still relatively new, and gaining momentum. IT and buyers are gaining trust in cloud, and this is a step to deliver on that."

But are enterprises really asking for certification at the application level? For some industries in particular, the answer is yes, as Irwin Lazar, VP and Service Director at Nemertes Research, told me in an email exchange.

"I do think having software certified as ISO 27001 is important, especially for a pure cloud SaaS offering like Spark. These kinds of certifications are a critical requirement for regulated organizations to adopt technologies," said Lazar, noting that some Nemertes clients in like financial services, healthcare, and defense contracting can't deploy software that isn't ISO 27001 compliant.

UC analyst Zeus Kerravala agreed. "It's not good enough to have [your cloud app] in a secure data center [for some regulated industries]. The app has to be tested as well."

Kerravala further speculated that with the General Data Protection Regulation on its way in Europe, certifying cloud apps against the ISO 27001 standard will become even more important for any organizations doing business overseas (see "GDPR: From the EU to US").

According to Cisco, Spark is the first app of its ilk to receive this ISO designation. That may very well be true, Kerravala said, suggesting that the significant expense associated with the certification process makes it unlikely that any of the smaller players or startups have gone through it.

Hear directly from Rosenberg on Cisco's vision and product direction in a keynote address at Enterprise Connect Orlando 2018, coming March 12 to 15. He'll take the stage on Tuesday, March 13, at 10 a.m. Register now using the code NOJITTER to save an additional $200 off the Advance Rate or get a free Expo Plus pass.

Related content:

Follow Michelle Burbick and No Jitter on Twitter!
@nojitter
@MBurbick

About the Author

Michelle Burbick

Michelle Burbick is the Special Content Editor and a blogger for No Jitter, Informa Tech's online community for news and analysis of the enterprise convergence/unified communications industry, and the editorial arm of the Enterprise Connect event, for which she serves as the Program Coordinator. In this dual role, Michelle is responsible for curating content and managing the No Jitter website, and managing its variety of sponsored programs from whitepapers to research reports. On the Enterprise Connect side, she plans the conference program content and runs special content programs for the event.

Michelle also moderates Enterprise Connect sessions and virtual webinars which cover a broad range of technology topics. In her tenure on the No Jitter and Enterprise Connect teams, she has managed the webinar program, coordinated and ran the Best of Enterprise Connect awards program, and taken on special projects related to advancing women in the technology industry and promoting diversity and inclusion. 

Prior to coming to No Jitter, Michelle worked as a writer and editor, producing content for technology companies for several years. In an agency environment, she worked with companies in the unified communications, data storage and IT security industries, and has developed content for some of the most prominent companies in the technology sector.

Michelle has also worked in the events and tradeshows industry, primarily as a journalist for the Trade Show Exhibitors Association. She earned her Bachelor's degree from the University of Illinois at Chicago. She is an animal lover and likes to spend her free time bird watching, hiking, and cycling.